Mandiant: Hackers Broke In Using Heartbleed

Hackers successfully used the Heartbleed bug to break into a Mandiant customer’s network, the boutique security firm said Friday.

Mandiant, a unit of FireEye, didn’t name the client affected and there is no evidence hackers actually stole data. But the disclosure offers one of the first examples of someone using Heartbleed, a flaw in Internet encryption, to carry out a break-in.

It also indicates that hackers can use Heartbleed to sneak into walled-off corporate networks, not just consumer-oriented websites.

Earlier this week, Canadian authorities arrested a man for exploiting Heartbleed and causing “mischief.”

Heartbleed allows hackers to break through versions of the widely used OpenSSL encryption technology by scooping up bits of data thought to be secret. This can allow them to access usernames, passwords or even encryption keys used to access troves of private information.

The hackers in Mandiant’s case appeared to take advantage of the delay between Heartbleed’s announcement last Monday and the point later in the week when Internet companies began plugging the hole.

Last Tuesday, the hackers began attacking a piece of OpenSSL-based networking equipment at the unnamed client, Mandiant said. Through Heartbleed, they obtained encryption keys that allowed them to bypass two kinds of safeguards: virtual private network software and requests for multi-factor authentication.

(Multi-factor authentication goes beyond passwords to require something a user has and something a user knows, like an ATM card and a PIN, or a token that randomly generates numbers used along with a password.)

Once inside the network, the attackers tried to move on to access more sensitive pieces of information, though Mandiant wouldn’t elaborate.